[CVE = Common Vulnerabilities and Exposures]
Another Second Tuesday of the month... Another Adobe Flash and Adobe AIR patch marathon!
This time we're up to Adobe Flash v184.108.40.206 and Adobe AIR v220.127.116.11, patching 35 (thirty-five) CVE security flaws.
Where to download the updates
The new Adobe Flash (and AIR) Security Bulletin
Details from the new Adobe Flash (and AIR) Security Bulletin, with added links to available CVE data!
Vulnerability Details(Note: CVEs not linked above did not have available data at Mitre.org at the time of this posting).
These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562).
These updates include further hardening to a mitigation introduced in version 18.104.22.168 to defend against vector length corruptions (CVE-2015-5125).
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).
These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5129, CVE-2015-5541).
These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553).
These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-5560).
No new zero-day Flash/AIR exploits have been reported at this time. However, Adobe considers these updates to be CRITICAL. Therefore, it is advised to update ASAP.